Package name: xms_10.10.0.10403.bin
For: XenMobile Server 10.10.0
Deployment type: On-premises only
Replaces: xms_10.10.0.10305.bin, xms_10.10.0.10202.bin, and xms_10.10.0.10103.bin
Date: October, 2019
Languages supported: English (US)
Readme version: 1.00
Readme Revision History
|1.00||October, 2019||Initial release|
Important Notes about This Update
As a best practice, Citrix recommends that you install this and other updates only if you are affected by the specific issues they resolve.
Where to Find Documentation
This document describes the issue(s) resolved by this release and includes installation instructions. For additional product information, see XenMobile Server 10.10 on the Citrix Product Documentation site.
Some Restrictions device policy settings available on supervised or unsupervised devices for previous iOS versions are available only on supervised devices for iOS 13+. The current XenMobile Server console tool tips don’t yet indicate that these settings are for supervised devices for iOS 13+ only.
Allow hardware controls:
- Installing apps
- iTunes Store
- Safari > Autofill
Network – Allow iCloud actions:
- iCloud documents & data
Supervised only settings – Allow:
- Game Center > Add friends
- Game Center > Multiplayer gaming
Media content – Allow:
– Explicit music, podcasts, and iTunes U material
These restrictions apply as follows:
- If an iOS 12 (or lower) device already enrolled in XenMobile Server and then upgrades to iOS 13, there are no changes. The preceding settings apply to the device as before.
- If an unsupervised iOS 13+ device enrolls in XenMobile Server, the preceding settings don’t apply to the device.
- If a supervised iOS 13+ device enrolls in XenMobile Server, the preceding settings apply to the device.
For information about XenMobile Server 10.10.0 Rolling Patch 3 release, see XenMobile Server 10.10.0 Rolling Patch 3.
For information about XenMobile Server 10.10.0 Rolling Patch 2 release, see XenMobile Server 10.10.0 Rolling Patch 2.
For information about XenMobile Server 10.10.0 Rolling Patch 1 release, see XenMobile Server 10.10.0 Rolling Patch 1.
Known Issue(s) in this Release
There are no known issues in this release.
New Fixes in This Update
The XenMobile Server console responds slowly.
Apple recently published a knowledge article that lists host names that must remain open to ensure proper operation of macOS, iOS, and iTunes. Blocking those host names can affect the installation, update, and proper operation of the following: iOS, iOS apps, MDM operation, and device and app enrollment. For more information, see https://support.apple.com/en-us/HT201999.
After enrolling a new device or re-enrolling an old device, an error message intermittently displays on the Manage tab.
MAM devices wipe apps and app data because of a failure to get user domain details causing the device to assume the user is deleted.
When attempting to update a public iOS app using XenMobile Server, a configuration error appears.
The RBAC role “Tier 2 techs” can’t create enrollment invitations to a user group with more than 2000 users. Only full admin users can create the invitations.
After you deploy the App Access device policy, non-compliant devices don’t trigger the configured action.
When you check the Tomcat server status, you may get the return value of 1 instead of 0 even though the server status is normal.
Unable to get the VPP for app version B2B when the platform parameter is incorrectly set in MDM API contentMetadataLookup.
On iOS devices, administrators may lose the ability to send an “unlock device” command to passcode protected devices after the device is upgraded to iOS 13.1.x. To resolve this issue, see https://support.citrix.com/article/CTX262076.
Fixes From Replaced Releases
Newly imported CA certificates are not visible in the Public-Key Interface (PKI) entries.
Secure Hub for iOS is timed out when StoreFront server is not reachable, and it does not enumerate any MDX apps.
On the XenMobile Server console, the value of the client property has a character limit of 256.
When you configure VPN policy using Citrix SSO VPN on the XenMobile Server iOS platform, and edit the Prompt for PIN when connecting, it is reverted to Off.
On devices running Android, sometimes you are unable to update the enterprise app.
The keystore table count keeps increasing, even if the related devices and enrollments are deleted, which might impact system performance.
In Android Enterprise devices that are already enrolled, the new required apps to the AllUsers delivery group are not displayed in Google Play Store.
When you update an Enterprise app to the latest version, which was previously updated via REST API, the version number is not updated.
When adding a VPP account (Settings > iOS Settings), the following message appears if the token exceeds 350 characters: “The entered company token is not valid, please enter a new one.”
The Secure Hub Apple Push Notification Service (APNs) certificate for XenMobile Server 10.10 will expire on August 2, 2019. As a result, the Agent Notification fails and the application push might be delayed on iOS devices.
With this update, the Secure Hub APNs certificate will be renewed and will expire on July 12, 2020.
Apple Volume Purchase Program (VPP) apps don’t import into XenMobile Server. This issue occurred after Apple changed the URL for apps from itunes.apple.com to apps.apple.com.
With iOS VPP configured in XenMobile, iBooks obtained through VPP don’t appear on the Configure > Media page as described in Add media.
In XenMobile Server, publish an MDX app for iOS or Android platform. The XenMobile Server Public API does not support the modification of App description in the corresponding platform.
Sometimes when Secure Hub is disconnected, security actions need to be performed twice to trigger Firebase Cloud Messaging (FCM) notifications for an event.
In the dashboard, the number of Pending Activation Requests under the Notifications section are displayed incorrectly.
The Firebase Cloud Messaging (FCM) token on the XenMobile Server doesn’t change until you delete or uninstall the Secure Hub.
While enrolling Android enrolment for devices, the following error appears: Cannot decrypt value.
The name and owner of your Android Enterprise enterprise might not display correctly in the Google Play store administrator console.
Installing This Update
Note: If your system is configured in cluster mode, follow the steps below to update each node, one after the other.
Important: Before installing this update, take a snapshot of the current settings and create a backup of the database.
- Log on to your account on the Citrix website and download the XenMobile Server update (.bin) file to an appropriate location.
- In the XenMobile Server Console of a node click Settings > Release Management. The Release Management page appears, which displays the currently installed software version, as well as a list of any updates, patches, and upgrades you have already uploaded.
- Under Release Management, click Update. The Update dialog box appears.
- Click Browse to upload the update (.bin) file you have downloaded from support.citrix.com.
- Click Update and then if prompted, restart the XenMobile Server node using command line.
To verify the patch deployment
After installing this patch, log on to the XenMobile Server Console as an administrator, then navigate to Settings > Release Management > Updates. Information about the most recent successful patch installation appears in this section.